US10783254B2ActiveUtilityA1

Systems and methods for risk rating framework for mobile applications

75
Assignee: SHARMA PRAVEEN KAUSHIKPriority: Oct 2, 2014Filed: Oct 2, 2014Granted: Sep 22, 2020
Est. expiryOct 2, 2034(~8.2 yrs left)· nominal 20-yr term from priority
G06N 20/00G06F 21/56G06F 21/577G06F 2221/033
75
PatentIndex Score
13
Cited by
30
References
20
Claims

Abstract

Systems, methods and computer readable medium for training a risk rating system for assessing a risk of a mobile application are disclosed. One or more features representing operational characteristics of mobile applications and malware are extracted. A first learning classifier and a second learning classifier are trained using the extracted features. A machine learning risk rating model is generated, based on the combination of the first learning classifier and the second learning classifier to calculate a risk rating based on the features and a correlation of the features. Systems, methods, and computer readable medium for assessing a risk for a mobile application are also disclosed. One or more features of a mobile application are extracted. A learning classifier is applied to the extracted features. A risk rating is determined based on the result of the classifier.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
       1. A computer-implemented method for training a risk rating system for assessing a risk of a mobile application, the method comprising:
 extracting, from a corpus of mobile applications and malware, features representing operational characteristics of the mobile applications and features representing operational characteristics of the malware or malware-like behavior; 
 constructing a feature vector from the extracted features, the feature vector having n-tuples of Boolean variables and single Boolean variables, wherein the n-tuples of the Boolean variables in the feature vector is a product of n independent Boolean variables; 
 training a first learning classifier using the feature vector, wherein the first learning classifier is a Partial Least Square model classifier; 
 training a second learning classifier using the feature vector, wherein the second learning classifier is a Bayesian model classifier; and 
 generating a machine learning risk rating model based on a combination of the first learning classifier, and the second learning classifier to calculate a risk rating based on the features and a correlation of the features indicating a risk level for the corpus of mobile applications and malware, wherein the correlation of features corresponding to the known-malware indicate a high risk, and the correlation of features corresponding to the mobile applications indicate a low risk. 
 
     
     
       2. The method of  claim 1 , wherein the Bayesian model classifier is a Naïve Bayesian model classifier or a Tree-Augmented Naïve Bayesian model classifier. 
     
     
       3. The method of  claim 1 , wherein the risk-rating is determined based on a simultaneous existence of two or more features. 
     
     
       4. The method of  claim 1 , wherein the features are represented in binary form where false indicates absence of the feature and true indicates presence of the feature. 
     
     
       5. The method of  claim 1 , wherein the one or more features of the mobile application includes declared permissions of the mobile application, intents of the mobile application, and used permissions of the mobile application. 
     
     
       6. The method of  claim 1 , wherein the risk rating model is further generated based on user defined security guidelines. 
     
     
       7. The method of  claim 6 , further comprising calculating the risk rating based on compliance with rules indicated in the user defined security guidelines. 
     
     
       8. The method of  claim 1 , wherein the first learning classifier achieves a fractions of detections of more than 92% and a fraction of alarms of less than 5%. 
     
     
       9. A computer-implemented method for assessing a risk of a mobile application, the method comprising:
 receiving a mobile application; 
 extracting features representing an operational characteristic of the mobile application; 
 constructing a feature vector from the extracted features, the feature vector having n-tuples of Boolean variables and single Boolean variables, wherein the n-tuples of the Boolean variables in the feature vector is a product of n independent Boolean variables; 
 inputting the feature vector into a trained risk rating model system, wherein the risk rating model uses a first learning classifier and a second learning classifier, the first learning classifier being a Partial Least Square model classifier, and the second learning classifier being a Bayesian model classifier; and 
 determining a risk-rating for the mobile application based on a result of the trained risk rating model. 
 
     
     
       10. The method of  claim 9 , wherein the risk rating model is trained using the method in  claim 1 . 
     
     
       11. A non-transitory computer readable medium storing instructions executable by a processing device, wherein execution of the instructions causes the processing device to implement a method for training a risk rating system for assessing a risk of a mobile application comprising:
 extracting, from a corpus of mobile applications and malware, features representing operational characteristics of the mobile application and features of the malware or malware-like behavior; 
 constructing a feature vector from the extracted features, the feature vector having n-tuples of Boolean variables and single Boolean variables, wherein the n-tuples of the Boolean variables in the feature vector is a product of n independent Boolean variables; 
 training a first learning classifier using the feature vector, wherein the first learning classifier is a Partial Least Square model classifier; 
 training a second learning classifier using the feature vector, wherein the second learning classifier is a Bayesian model classifier; and 
 generating a machine learning risk rating model based on a combination of the first learning classifier, and the second learning classifier to calculate a risk rating based on the features and a correlation of the features indicating a risk level for the corpus of mobile applications and malware, wherein the correlation of features corresponding to the known-malware indicate a high risk, and the correlation of features corresponding to the mobile applications indicate a low risk. 
 
     
     
       12. The non-transitory computer readable medium of  claim 11 , wherein the risk-rating is determined based on a simultaneous existence of two or more features. 
     
     
       13. The non-transitory computer readable medium of  claim 11 , wherein the features are represented in binary form where false indicates absence of the feature and true indicates presence of the feature. 
     
     
       14. The non-transitory computer readable medium of  claim 11 , wherein the one or more features of the mobile application includes declared permissions of the mobile application, intents of the mobile application, and used permissions of the mobile application. 
     
     
       15. The non-transitory computer readable medium of  claim 11 , wherein the risk rating model is further generated based on user defined security guidelines. 
     
     
       16. A non-transitory computer readable medium storing instructions executable by a processing device, wherein execution of the instructions causes the processing device to implement a method for assessing a risk of a mobile application comprising:
 receiving a mobile application; 
 extracting features representing an operational characteristic of the mobile application; 
 constructing a feature vector from the extracted features, the feature vector having n-tuples of Boolean variables and single Boolean variables, wherein the n-tuples of the Boolean variables in the feature vector is a product of n independent Boolean variables; 
 inputting the feature vector into a trained risk rating model, wherein the risk rating model uses a first classifier and a second classifier, the first classifier being a Partial Least Square model classifier, and the second learning classifier being a Bayesian model classifier; and 
 determining a risk-rating for the mobile application based on a result of the trained risk rating model. 
 
     
     
       17. A system for assessing a risk of a mobile application, the system comprising:
 a feature module programmed to:
 extract features of the mobile application and construct a feature vector from the extracted features, the feature vector having n-tuples of Boolean variables and single Boolean variables, wherein the n-tuples of the Boolean variables in the feature vector is a product of n independent Boolean variable; 
 
 a risk-rating module programmed to:
 apply a machine learning classifier to the feature vector, wherein the machine learning classifier is a Partial Least Square model classifier and a Bayesian model classifier; and 
 calculate, based on a classification from the machine learning classifier of the one or more features, a numeric likelihood that the mobile application contains malware or malware-like behavior. 
 
 
     
     
       18. The system of  claim 17 , further comprising:
 a training module programmed to:
 receive a corpus of mobile applications and malware; and 
 
 the feature module further programmed to:
 extract, from the corpus of mobile applications and malware, one or more features representing operational characteristics of the mobile applications and one or more features representing operational characteristics of the malware or malware-like behavior; 
 
 the training module further programmed to:
 train a first learning classifier using the extracted features; 
 generate a machine learning risk rating model based on the first learning classifier to calculate a risk rating based on the features and a correlation of the features indicating a risk level for the corpus of mobile applications and malware, 
 
 wherein the correlation of the features corresponding to the malware indicate a high risk, and the correlation of the features corresponding to the mobile applications indicate a low risk. 
 
     
     
       19. The system of  claim 17 , wherein the training module is further configured to analyze accuracy of the generated risk rating model based a second plurality of mobile applications including a set of known-malware applications and known-benign applications. 
     
     
       20. The system of  claim 17 , wherein the mobile application is any one of a computer application, server application, and thin-client application.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.